Alex van den Bogaerdt wrote:
> So it isn't perfect.

Defining "not perfect" as superset of "FUBAR", yes.

> trust.example allowed a certain host to use its name.

No, it allowed to use its MAIL FROM, and it even knows that
this host checks it (SMTP AUTH + enforced submission rights).

> at least now you know it came from a host related (however
> loosely) to trust.example

In other words you got the bogus PRA-PASS for trust.example,
it was a phish / spam / malware, and trust.example is added
to every RHSBL of the planet as a "black hat".

The victim of this phish / spam / malware will sue them and
maybe win. There is no relationship between PRA and MFROM,
it just doesn't work. The most fatal flaw of this scheme
is that it _apparently_ works in many cases. Nobody would
fix it only for trust.example, they are "collateral damage".

Bye, Frank
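
The failure mode argued in this message, as an added sketch that is not part of the original post: a receiver that evaluates one MAIL FROM policy against both identities and should flag a PRA pass that the envelope sender does not back. The policy table, the address 192.0.2.25, other.example and all function names are constructed assumptions, and the PRA selection is a simplified form of the RFC 4407 header order.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policy data: networks each domain authorised for its MAIL FROM.
# Both domains use the same shared submission host (assumption).
MFROM_POLICY = {
    "trust.example": ["192.0.2.0/24"],
    "other.example": ["192.0.2.0/24"],
}

def domain_of(address):
    """Lower-cased domain part of a mailbox, with or without a display name."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def pra_domain(msg):
    """Simplified PRA selection: first header present in RFC 4407 order.
    The Received/Return-Path ordering rule for Resent-* fields is omitted."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg.get(name):
            return domain_of(msg[name])
    return ""

def authorised(domain, client_ip):
    """True if client_ip is inside a network the domain published."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in MFROM_POLICY.get(domain, []))

def evaluate(mail_from, client_ip, raw_message):
    """Check both identities against the same policy and flag the mismatch."""
    mfrom = domain_of(mail_from)
    pra = pra_domain(message_from_string(raw_message))
    pra_pass = authorised(pra, client_ip)
    return {
        "mfrom": mfrom,
        "pra": pra,
        "mfrom_pass": authorised(mfrom, client_ip),
        "pra_pass": pra_pass,
        # The host only enforced MAIL FROM, so a PRA pass for a different
        # domain says nothing about who wrote the header.
        "pra_pass_unbacked": pra_pass and pra != mfrom,
    }

# Constructed message: envelope sender is other.example, header claims trust.example.
SAMPLE = "From: Billing <billing@trust.example>\nSubject: invoice\n\nbody\n"
RESULT = evaluate("user@other.example", "192.0.2.25", SAMPLE)
```
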